Microservice CI/CD in Practice with the GitOps Model

news/2024/7/1 9:47:00


[Diagram: workflow design for a single application and its environment]

[Diagram: workflow design for multiple applications and environments]


CI: Continuous Integration

First, prepare a code repository: https://github.com/DevOpsCICDCourse/microservicescicd/blob/main/microservice-demo-service-master.zip

Let's walk through the steps of the CI pipeline:


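  • The code repository used here is a monorepo: one repository holds the code of several service modules, and each subdirectory is one service module.

  • First, the continuous integration pipeline has to work out correctly which service the current commit belongs to.

  • Once the service is known, the pipeline downloads that service's code and runs the build and packaging, unit tests, code scan, image build and the remaining steps.

How do we find out which service a commit belongs to? Here we connect the GitLab WebHook feature to the Jenkins job build trigger.

The workflow is: when I commit code to GitLab, the GitLab webhook triggers the Jenkins Scheduler job and passes the hook data generated by that commit to the Jenkins job as a POST request. The Jenkins job uses the Generic Hook plugin to read the body of that POST request, which is a block of JSON. When the job runs, its Pipeline parses the JSON to find which service modules changed, and finally triggers the CI job of each affected service to build it.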

CI-Scheduler job

This job only needs the webhook trigger enabled and a trigger token configured (the token must be unique). The resulting hook URL is: http://jenkins.idevops.site/generic-webhook-trigger/invoke?token=microservicecicd-scheduler-CI


Jenkinsfile

pipeline {
 agent any 

 stages{

  stage("GetData"){
   steps{
    script {
     echo "${webHookData}"

     data = readJSON  text: "${webHookData}"

     println(data)

     env.branchName = data.ref - "refs/heads/"
     env.commitId = data.checkout_sha
     env.projectId = data.project_id
     commits = data["commits"]

     println("${env.branchName}")
     println("${env.commitId}")
     println("${env.projectId}")

     //env.moduleName = "service01"
     changeServices = []
                    for(commit in commits) {
                        println(commit.id)

                        //added
                        for (add in commit.added) {
                            s = add.split("/") as List
                            if (s.size() > 1){
                                if (changeServices.indexOf(s[0]) == -1){
                                    changeServices.add(s[0])
                                }
                            }
                        }

                        //modified
                        for (m in commit.modified) {
                            s = m.split("/") as List
                            // println s
                            // println s.size()
                            // println s[0]
                            if (s.size() > 1){
                                // println changeServices.indexOf(s[0])
                                if (changeServices.indexOf(s[0]) == -1){
                                    changeServices.add(s[0])
                                }
                            }
                        }

                        //removed
                        for (r in commit.removed) {
                            s = r.split("/") as List
                            println s
                            if (s.size() > 1){
                                if (changeServices.indexOf(s[0]) == -1){
                                    changeServices.add(s[0])
                                }
                            }
                        }
                    }

                    println(changeServices)
                    //currentBuild.description = " Trigger by  ${eventType} ${changeServices} 
    }
   }
  }

  stage('DefineService') {
            steps {
                script{
                    println(changeServices)
                    // Controls the order in which services are built
                    services = ['service02', 'service01']
                    for (service in services){
                        if (changeServices.indexOf(service) != -1){
                            jobName = 'microservicecicd-'+service+'-service-CI'
                            build job: jobName, wait: false,  parameters: [string(name: 'branchName', value: "${env.branchName}" ),
                                                                           string(name: 'commitId',   value: "${env.commitId}" ), 
                                                                           string(name: 'projectId',  value: "${env.projectId}" )]
                        }
                    }
                }
            }
        }
 }
}

Configuring the WebHook in GitLab

Enable the webhook and set the hook URL: http://jenkins.idevops.site/generic-webhook-trigger/invoke?token=microservicecicd-scheduler-CI
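The scheduler's trigger can also be declared in the Jenkinsfile, which makes the token handling and the event filter reviewable. This is an added example, not the article's own configuration: it assumes the declarative GenericTrigger syntax of the Generic Webhook Trigger plugin, and the credential ID scheduler-ci-webhook-token is a hypothetical placeholder.

```groovy
pipeline {
    agent any
    triggers {
        GenericTrigger(
            // webHookData carries the whole request body, as the scheduler's
            // readJSON step expects; the other two feed the filter below.
            genericVariables: [
                [key: 'webHookData', value: '$'],
                [key: 'object_kind', value: '$.object_kind'],
                [key: 'ref',         value: '$.ref']
            ],
            // Weak: a literal, guessable token kept in the job definition.
            // token: 'microservicecicd-scheduler-CI',
            // Stronger: a random value stored as a Jenkins "Secret text"
            // credential (hypothetical ID) and referenced by ID only.
            tokenCredentialId: 'scheduler-ci-webhook-token',
            causeString: 'GitLab $object_kind on $ref',
            // Keep request payloads out of the build log.
            printContributedVariables: false,
            printPostContent: false,
            // Ignore anything that is not a push to a plainly named branch,
            // before a build is scheduled at all.
            regexpFilterText: '$object_kind $ref',
            regexpFilterExpression: '^push refs/heads/[A-Za-z0-9][A-Za-z0-9._/-]{0,99}$'
        )
    }
    stages {
        stage('GetData') {
            steps {
                echo "accepted ${env.object_kind} on ${env.ref}"
            }
        }
    }
}
```

GitLab still presents the token in the hook URL, so the value only stays secret if that URL is served over HTTPS.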


CI pipeline: CI job

Create one CI job per microservice, each with three string parameters: branch name, commitID and project ID.


Jenkinsfile

String branchName = "${env.branchName}"
String moduleName = "${JOB_NAME}".split("/")[1].split("-")[1]
String srcUrl = "http://gitlab.idevops.site/microservicecicd/microservicecicd-demo-service.git"
String commitId = "${env.commitId}"
String projectId = "${env.projectId}"

pipeline {
    agent { node { label "build" } }

    stages {
        stage('GetCode') {
            steps {
                script {
                    checkout([$class: 'GitSCM', 
                            branches: [[name: "${branchName}"]], 
                            doGenerateSubmoduleConfigurations: false,
                            extensions: [[$class: 'SparseCheckoutPaths', 
                                        sparseCheckoutPaths: [[path: "${moduleName}"],[path: 'Dockerfile']]]], 
                            submoduleCfg: [], 
                            userRemoteConfigs: [[credentialsId: 'gitlab-admin-user',
                                                url: "${srcUrl}"]]])
                }
                
            }
        }

        stage("Build&Test"){
            steps{
                script{
                    echo "Build..........."

                    sh """
                    cd ${moduleName} 
                    mvn clean package

                    """
                }
            }
            post {
                always {
                    junit "${moduleName}/target/surefire-reports/*.xml"
                }
            }
        }

        stage("SonarScan"){
            steps{
                script{

                    def sonarDate = sh returnStdout: true, script: 'date  +%Y%m%d%H%M%S'
                    sonarDate = sonarDate - "\n"

                    withCredentials([string(credentialsId: 'sonar-admin-user', variable: 'sonartoken'),
                                    string(credentialsId: 'gitlab-user-token', variable: 'gitlabtoken')]) {
                        // The two tokens are written as \${...} so that the shell reads them
                        // from the environment set by withCredentials; Groovy must not
                        // interpolate secrets into the script text.
                        sh """
                        cd ${moduleName} 
                        sonar-scanner \
                        -Dsonar.projectKey=${JOB_NAME} \
                        -Dsonar.projectName=${JOB_NAME} \
                        -Dsonar.projectVersion=${sonarDate} \
                        -Dsonar.ws.timeout=30 \
                        -Dsonar.projectDescription="xxxxxxx" \
                        -Dsonar.links.homepage=http://www.baidu.com \
                        -Dsonar.sources=src \
                        -Dsonar.sourceEncoding=UTF-8 \
                        -Dsonar.java.binaries=target/classes \
                        -Dsonar.java.test.binaries=target/test-classes \
                        -Dsonar.java.surefire.report=target/surefire-reports \
                        -Dsonar.host.url="http://sonar.idevops.site" \
                        -Dsonar.login="\${sonartoken}" \
                        -Dsonar.gitlab.commit_sha=${commitId} \
                        -Dsonar.gitlab.ref_name=${branchName} \
                        -Dsonar.gitlab.project_id=${projectId} \
                        -Dsonar.dynamicAnalysis=reuseReports \
                        -Dsonar.gitlab.failure_notification_mode=commit-status \
                        -Dsonar.gitlab.url=http://gitlab.idevops.site \
                        -Dsonar.gitlab.user_token="\${gitlabtoken}" \
                        -Dsonar.gitlab.api_version=v4

                        """

                    }
 
                }
            }
        }

        stage("BuildImage"){
            steps{
                script{

                     withCredentials([usernamePassword(credentialsId: 'aliyun-registry-admin', passwordVariable: 'password', usernameVariable: 'username')]) {
                
                         env.nowDate = sh  returnStdout: true, script: 'date  +%Y%m%d%H%M%S'
                         env.nowDate = env.nowDate - "\n"

                         env.releaseVersion = "${env.branchName}"
                         env.imageTag = "${releaseVersion}-${nowDate}-${commitId}"
                         env.dockerImage = "registry.cn-beijing.aliyuncs.com/microservicecicd/microservicecicd-${moduleName}-service:${env.imageTag}"
                         env.jarName = "${moduleName}-${branchName}-${commitId}"
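                         // username, password, dockerImage and jarName are read by the shell
                         // from the environment (\${...}) rather than interpolated by Groovy;
                         // the password reaches docker login on stdin, not on the command line.
                         sh """
                             printf '%s' "\${password}" | docker login -u "\${username}" --password-stdin registry.cn-beijing.aliyuncs.com
                             cd ${moduleName} && docker build -t "\${dockerImage}" -f ../Dockerfile --build-arg SERVICE_NAME="\${jarName}" .
                             sleep 1
                             docker push "\${dockerImage}"
                             sleep 1
                             docker rmi "\${dockerImage}"
                          """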
                    }


                }
            }
        }

        
    }
}

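GitOps: CI extension

On top of the steps of the original CI job, we add one step that updates the environment. In GitOps practice, the deployment files of the current base environment are stored in a Git repository. After our CI job has uploaded the image, it also updates the image tag information in the environment's deployment file. (So we first have to fetch that environment file, update it and upload it.)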


stage("PushFile"){
          // when {
          //   expression { "${env.branchName}".contains("RELEASE-") }
          // }
          steps{
            script{
              if ("${env.branchName}".contains("RELEASE-")){
                println("branchName = branchName")
                env.branchName = "master"

              } else {
                env.branchName = "feature"
              }

                for (i = 0; i < 3; i++) {
                    // Download the file from the repository
                    response = GetRepoFile(40,"${moduleName}%2fvalues.yaml", "${env.branchName}")
                    //println(response)
                    
                    // Replace the values in the file
                    yamlData = readYaml text: """${response}"""

                    println(yamlData.image.version)
                    println(yamlData.image.commit)
                    yamlData.image.version = "${releaseVersion}-${env.nowDate}"
                    yamlData.image.commit  = "${commitId}"

                    println(yamlData.toString())

                    sh "rm -fr test.yaml"
                    writeYaml charset: 'UTF-8', data: yamlData, file: 'test.yaml'
                    newYaml = sh returnStdout: true, script: 'cat test.yaml'
                    
                    println(newYaml)
                    // Update the file content in GitLab
                    base64Content = newYaml.bytes.encodeBase64().toString()

                    // Parallel runs can collide: simultaneous updates fail with an error
                    try {
                      UpdateRepoFile(40,"${moduleName}%2fvalues.yaml",base64Content, "${env.branchName}")
                      break;
                    } catch(e){
                      sh "sleep 2"
                      continue;
                    }
                }
            }
          }
        }
        
 // Wrapper for HTTP requests
def HttpReq(reqType,reqUrl,reqBody){
    def gitServer = "http://gitlab.idevops.site/api/v4"
    withCredentials([string(credentialsId: 'gitlab-token', variable: 'gitlabToken')]) {
      result = httpRequest customHeaders: [[maskValue: true, name: 'PRIVATE-TOKEN', value: "${gitlabToken}"]], 
                httpMode: reqType, 
                contentType: "APPLICATION_JSON",
                consoleLogResponseBody: true,
                ignoreSslErrors: true, 
                requestBody: reqBody,
                url: "${gitServer}/${reqUrl}"
                //quiet: true
    }
    return result
}


// Get the file content
def GetRepoFile(projectId,filePath,branchName){
    apiUrl = "projects/${projectId}/repository/files/${filePath}/raw?ref=${branchName}"
    response = HttpReq('GET',apiUrl,'')
    return response.content
}

// Update the file content
def UpdateRepoFile(projectId,filePath,fileContent, branchName){
    apiUrl = "projects/${projectId}/repository/files/${filePath}"
    reqBody = """{"branch": "${branchName}","encoding":"base64", "content": "${fileContent}", "commit_message": "update a new file"}"""
    response = HttpReq('PUT',apiUrl,reqBody)
    println(response)

}

GitOps: CD part

CD-Scheduler job

This job also receives GitLab webhook requests, much like the CI-scheduler job. The difference is that the CD-scheduler job receives code changes from the environment repository. Enable the webhook and configure a trigger token. The resulting hook URL is: http://jenkins.idevops.site/generic-webhook-trigger/invoke?token=microservicecicd-scheduler-CD



Jenkinsfile

pipeline {
    agent any

    stages {
        stage('GetCommitService') {
            steps {
                script{
                    echo 'Hello World'
                    echo "${WebHookData}"
                    
                    // Git Info
                    webhookdata = readJSON text: """${WebHookData}"""
                    eventType = webhookdata["object_kind"]
                    commits = webhookdata["commits"]
                    branchName = webhookdata["ref"] - "refs/heads/"
                    projectID = webhookdata["project_id"]
                    commitID = webhookdata["checkout_sha"]


                    changeServices = []
                    for(commit in commits) {
                        println(commit.id)

                        //added
                        for (add in commit.added) {
                            s = add.split("/") as List
                            if (s.size() > 1){
                                if (changeServices.indexOf(s[0]) == -1){
                                    changeServices.add(s[0])
                                }
                            }
                        }

                        //modified
                        for (m in commit.modified) {
                            s = m.split("/") as List
                            // println s
                            // println s.size()
                            // println s[0]
                            if (s.size() > 1){
                                // println changeServices.indexOf(s[0])
                                if (changeServices.indexOf(s[0]) == -1){
                                    changeServices.add(s[0])
                                }
                            }
                        }

                        //removed
                        for (r in commit.removed) {
                            s = r.split("/") as List
                            println s
                            if (s.size() > 1){
                                if (changeServices.indexOf(s[0]) == -1){
                                    changeServices.add(s[0])
                                }
                            }
                        }
                    }

                    println(changeServices)
                    currentBuild.description = " Trigger by  ${eventType} ${changeServices} "
                }
            }
        }

        stage('DefineService') {
            steps {
                script{
                    println(changeServices)
                    // Controls the order in which services are built
                    services = ['service02', 'service01']
                    for (service in services){
                        if (changeServices.indexOf(service) != -1){
                            jobName = 'microservicecicd-'+service+'-service-CD'
                            build job: jobName, wait: false,  parameters: [string(name: 'branchName', value: "${branchName}" )]
                        }
                    }
                }
            }
        }
    }
}
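Both scheduler jobs (CI and CD) turn fields of the webhook body into job names and parameters, and the CI job later places the branch name and commit id inside sh strings. The added example below, which is not the article's code, performs the same changed-service detection but validates every value taken from the payload first; it runs with the plain groovy command, uses JsonSlurper where a Jenkinsfile would use readJSON, and the function name, patterns and sample payload are assumptions.

```groovy
import groovy.json.JsonSlurper

// Parse a GitLab push payload and return only values that are safe to hand
// to downstream jobs. parsePush is a hypothetical helper for this example.
Map parsePush(String body, List<String> services) {
    def data = new JsonSlurper().parseText(body)
    String ref = data.ref ?: ''
    if (!ref.startsWith('refs/heads/')) {
        throw new IllegalArgumentException('not a branch push')
    }
    String branch = ref.substring('refs/heads/'.length())
    String sha = data.checkout_sha ?: ''
    // ==~ is a full match: a name with shell metacharacters is refused.
    if (!(branch ==~ '[A-Za-z0-9][A-Za-z0-9._/-]{0,99}')) {
        throw new IllegalArgumentException('rejected branch name')
    }
    if (!(sha ==~ '[0-9a-f]{40}')) {
        throw new IllegalArgumentException('rejected commit id')
    }
    if (!(data.project_id instanceof Integer)) {
        throw new IllegalArgumentException('rejected project id')
    }
    def changed = [] as LinkedHashSet
    def ignored = [] as LinkedHashSet
    for (commit in (data.commits ?: [])) {
        def paths = (commit.added ?: []) + (commit.modified ?: []) + (commit.removed ?: [])
        for (p in paths) {
            def parts = p.toString().split('/')
            if (parts.size() < 2) { continue }   // file in the repository root
            // Only allowlisted top-level directories may become job names.
            def bucket = (parts[0] in services) ? changed : ignored
            bucket << parts[0]
        }
    }
    return [branch: branch, commitId: sha, projectId: data.project_id,
            changed: changed as List, ignored: ignored as List]
}

// Constructed sample payloads (not captured from a real GitLab instance).
def services = ['service02', 'service01']
def good = '''{"ref": "refs/heads/RELEASE-1.1.1", "project_id": 40,
  "checkout_sha": "0123456789abcdef0123456789abcdef01234567",
  "commits": [{"id": "c1", "added": ["service01/pom.xml"],
               "modified": ["service02/src/App.java", "README.md"],
               "removed": ["tools/old.sh"]}]}'''
def bad = good.replace('RELEASE-1.1.1', 'x$(id)')

def r = parsePush(good, services)
assert r.branch == 'RELEASE-1.1.1'
assert r.changed == ['service01', 'service02']
assert r.ignored == ['tools']

def rejected = false
try { parsePush(bad, services) } catch (IllegalArgumentException e) { rejected = true }
assert rejected
println "changed=${r.changed} ignored=${r.ignored} badBranchRejected=${rejected}"
```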

Configuring the webhook on the environment repository

Enable the webhook and set the hook URL: http://jenkins.idevops.site/generic-webhook-trigger/invoke?token=microservicecicd-scheduler-CD

CD pipeline: CD job


Jenkinsfile

String serviceName ="${JOB_NAME}".split("-")[1]
String nameSpace = "${JOB_NAME}".split("-")[0].split("/")[-1]


//pipeline
pipeline{
    agent { node { label "k8s"}}
    
    stages{

       stage("GetCode"){
            steps{
                script{
                    println("${branchName}")
                    println("${env.branchName}".contains("RELEASE-"))
                    println "获取代码"
                    checkout([$class: 'GitSCM', branches: [[name: "${env.branchName}"]], 
                                      doGenerateSubmoduleConfigurations: false, 
                                      extensions: [[$class: 'SparseCheckoutPaths', 
                                                    sparseCheckoutPaths: [[path: "${serviceName}"]]]], 
                                      submoduleCfg: [], 
                                      userRemoteConfigs: [[credentialsId: 'gitlab-admin-user', url: "http://gitlab.idevops.site/microservicecicd/microservicecicd-env.git"]]])
                }
            }
        }

        stage("HelmDeploy"){
            steps{
                script{
                  sh """
                      kubectl create ns "${nameSpace}-uat"  || echo false

                      helm install "${serviceName}" --namespace "${nameSpace}-uat" ./"${serviceName}" ||  helm upgrade "${serviceName}" --namespace "${nameSpace}-uat" ./"${serviceName}"

                      helm list --namespace "${nameSpace}-uat"
                      helm history "${serviceName}" --namespace "${nameSpace}-uat"

                  """
                }
            }
        }
    }
}
